CVE-2011-4319
https://notcve.org/view.php?id=CVE-2011-4319
Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an "html" substring. Una vulnerabilidad de ejecución de comandos en sitios cruzados en el método de ayuda de las traducciones i18n en Ruby on Rails v3.0.x antes de v3.0.11 y v3.1.x antes de v3.1.2 y el complemento rails_xss en Ruby on Rails v2.3.x, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con una cadena de traducciones cuyo nombre termina con la subcadena "html". • http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1 http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain http://openwall.com/lists/oss-security/2011/11/18/8 http://osvdb.org/77199 http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released http://www.securityfocus.com/bid/50722 http://www.securitytracker.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-2929
https://notcve.org/view.php?id=CVE-2011-2929
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability." La funcionalidad de selección de plantilla en actionpack/lib/action_view/template/resolver.rb en Ruby sobre Rails 3.0.x anterior a v3.0.10 y v3.1.x anterior a v3.1.0.rc6 no maneja adecuadamente caracteres glob, lo que permite a atacantes remotos renderizar vistas de su elección a través de una URL manipulada, relacionada con una vulnerabilidad "filter skipping". • http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6 http://www.openwall.com/lists/oss-security/2011/08/17/1 http://www.openwall.com/lists/oss-security/2011/08/19/11 http://www.openwall.com/lists/oss-security/2011& • CWE-20: Improper Input Validation •
CVE-2011-2930
https://notcve.org/view.php?id=CVE-2011-2930
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name. Múltiples vulnerabilidades de inyección SQL en el método quote_table_name en el adaptador ActiveRecord de activerecord/lib/active_record/connection_adapters/ in Ruby on Rails antes de v2.3.13, v3.0.x antes de v3.0.10, y v3.1.x antes de v3.1.0.rc5, permite a atacantes remotos ejecutar comandos SQL de su elección a través de un nombre de columna modificado. • http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6 http://www.debian.org/security/2011/dsa-2301 http://www.openwall.com/lists/oss-security/2011/08/17/1 http://www.openwall.com/lists/oss-security/2011/08/19/11 http://www.openwall.com/lists/oss-security/2011/08/20/1 http://www • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2011-2932
https://notcve.org/view.php?id=CVE-2011-2932
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability." Vulnerabilidad de ejecución de secuencias comandos en sitios cruzados (XSS) en activesupport/lib/active_support/core_ext/string/output_safety.rb en Ruby on Rails v2.x antes de v2.3.13, v3.0.x antes de v3.0.10, y v3.1.x antes de v3.1.0.rc5 permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través de cadenas Unicode malformadas, relacionado con una "vulnerabilidad de escapado UTF-8" • http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html http://secunia.com/advisories/45917 http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6 http://www.openwall.com/lists/oss-security/2011/08/17/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-3187 – Ruby on Rails 3.0.5 - 'WEBrick::HTTPRequest' Module HTTP Header Injection
https://notcve.org/view.php?id=CVE-2011-3187
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. El método to_s en actionpack/lib/action_dispatch/middleware/remote_ip.rb en Ruby on Rails v3.0.5 no valida la cabecera X-Forwarded-For de las peticiones de direcciones IP en una red de Clase C, lo que podría permitir a atacantes remotos la ejecución de documentos de texto en los archivos de registro o evitar análisis de direcciones intencionadas a través de una cabecera modificada. • https://www.exploit-db.com/exploits/35352 http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html http://www.openwall.com/lists/oss-security/2011/08/17/1 http://www.openwall.com/lists/oss-security/2011/08/19/11 http://www.openwall.com/lists/oss-security/2011/08/20/1 http://www.openwall.com/lists/oss-security/2011/08/22/13 http://www.openwall.com/lists/oss-security/2011/08& • CWE-20: Improper Input Validation •